From 91027632475258f0c24aac12cd42f454053d5d97 Mon Sep 17 00:00:00 2001
From: Anthony Volk
Date: Tue, 12 Aug 2025 20:51:22 -0230
Subject: [PATCH 01/14] fix: Use official GCP action
---
.github/workflows/deploy-production-new.yml | 165 ++++++++++++++++++
...y-production.yml => deploy-production.old} | 0
gcp/policyengine_household_api/app.yaml | 11 +-
3 files changed, 167 insertions(+), 9 deletions(-)
create mode 100644 .github/workflows/deploy-production-new.yml
rename .github/workflows/{deploy-production.yml => deploy-production.old} (100%)
diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml
new file mode 100644
index 00000000..8ee05002
--- /dev/null
+++ b/.github/workflows/deploy-production-new.yml
@@ -0,0 +1,165 @@ +name: 'Deployment step 2: Deploy to Production' + +on: + # push: + # branches: + # - main + pull_request: + branches: + - main + +env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + PROJECT_ID: policyengine-household-api + REGION: us-central1 + SERVICE_NAME: policyengine-household-api + IMAGE_NAME: us-central1-docker.pkg.dev/policyengine-household-api/policyengine-household-api/policyengine-household-api + PYTHON_VERSION: '3.12' + IMAGE_VERSION: python312-latest # Cannot use . in Artifact Registry versions + +jobs: + lint-and-test: + name: Lint and test + runs-on: ubuntu-latest + # if: | + # (github.repository == 'PolicyEngine/policyengine-household-api') + # && (github.event.head_commit.message == 'Update PolicyEngine Household API') + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0 + with: + project_id: policyengine-household-api + service_account_key: ${{ secrets.GCP_SA_KEY }} + export_default_credentials: true + + - name: Install dependencies + run: make install + + - name: Run linter + run: make format + + - name: Run tests + run: make test + env: + ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} + AUTH0_ADDRESS_NO_DOMAIN: ${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} + AUTH0_AUDIENCE_NO_DOMAIN: ${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} + AUTH0_TEST_TOKEN_NO_DOMAIN: ${{ secrets.AUTH0_TEST_TOKEN_NO_DOMAIN }} + USER_ANALYTICS_DB_USERNAME: ${{ secrets.USER_ANALYTICS_DB_USERNAME }} + USER_ANALYTICS_DB_PASSWORD: ${{ secrets.USER_ANALYTICS_DB_PASSWORD }} + USER_ANALYTICS_DB_CONNECTION_NAME: ${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} + + build-docker: + name: Build Docker image + runs-on: ubuntu-latest + # if: | + # (github.repository == 'PolicyEngine/policyengine-household-api') + # && (github.event.head_commit.message == 'Update PolicyEngine 
Household API') + # needs: [lint-and-test] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0 + with: + project_id: ${{ env.PROJECT_ID }} + service_account_key: ${{ secrets.GCP_SA_KEY }} + export_default_credentials: true + + - name: Log in to Google Artifact Registry + uses: docker/login-action@v2 + with: + registry: us-central1-docker.pkg.dev + username: _json_key + password: ${{ secrets.GCP_SA_KEY }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE_NAME }} + tags: | + type=sha,prefix=,suffix= + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ env.IMAGE_VERSION }},enable={{is_default_branch}} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . 
+ file: ./gcp/policyengine_household_api/Dockerfile.production + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Make script executable + run: chmod +x .github/scripts/verify-image-push.sh + + - name: Verify image was pushed + env: + GENERATED_TAGS: ${{ steps.meta.outputs.tags }} + run: .github/scripts/verify-image-push.sh + +# Deploy to App Engine using pre-built Docker image from Google Artifact Registry +deploy: + name: Deploy to App Engine + runs-on: ubuntu-latest + # if: | + # (github.repository == 'PolicyEngine/policyengine-household-api') + # && (github.event.head_commit.message == 'Update PolicyEngine Household API') + # needs: [lint-and-test, build-docker] + needs: [build-docker] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Deploy to App Engine + uses: google-github-actions/deploy-appengine@v2 + with: + deliverables: "./gcp/policyengine_household_api/app.yaml" + image_url: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} + version: ${{ env.IMAGE_VERSION }} + promote: false # Equivalent to --no-promote + flags: "--quiet" + env_vars: | + AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} + AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} + USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} + USER_ANALYTICS_DB_PASSWORD=${{ secrets.USER_ANALYTICS_DB_PASSWORD }} + USER_ANALYTICS_DB_CONNECTION_NAME=${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} + ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} + + # - name: Set traffic to new version + # env: + # SERVICE_NAME: ${{ env.SERVICE_NAME }} + # VERSION: ${{ env.IMAGE_VERSION }} + # run: .github/scripts/set-traffic.sh + + - name: Verify deployment + env: + SERVICE_NAME: ${{ env.SERVICE_NAME }} + run: 
.github/scripts/verify-deployment.sh \ No newline at end of file diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.old similarity index 100% rename from .github/workflows/deploy-production.yml rename to .github/workflows/deploy-production.old diff --git a/gcp/policyengine_household_api/app.yaml b/gcp/policyengine_household_api/app.yaml index 763ba6c2..ba8a2f74 100644 --- a/gcp/policyengine_household_api/app.yaml +++ b/gcp/policyengine_household_api/app.yaml @@ -11,7 +11,7 @@ automatic_scaling: cpu_utilization: target_utilization: 0.8 readiness_check: - app_start_timeout_sec: 1800 # Maximum allowed (30 minutes) + app_start_timeout_sec: 1800 check_interval_sec: 30 timeout_sec: 10 failure_threshold: 5 @@ -21,11 +21,4 @@ liveness_check: check_interval_sec: 30 timeout_sec: 10 failure_threshold: 5 - success_threshold: 1 -env_variables: - AUTH0_ADDRESS_NO_DOMAIN: ${AUTH0_ADDRESS_NO_DOMAIN} - AUTH0_AUDIENCE_NO_DOMAIN: ${AUTH0_AUDIENCE_NO_DOMAIN} - USER_ANALYTICS_DB_USERNAME: ${USER_ANALYTICS_DB_USERNAME} - USER_ANALYTICS_DB_PASSWORD: ${USER_ANALYTICS_DB_PASSWORD} - USER_ANALYTICS_DB_CONNECTION_NAME: ${USER_ANALYTICS_DB_CONNECTION_NAME} - ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY} + success_threshold: 1 \ No newline at end of file From 594dc5161cb6d0f44dce9112ff3429e2d1c5f7f9 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 20:55:58 -0230 Subject: [PATCH 02/14] test: Move branch definition --- .github/workflows/deploy-production-new.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 8ee05002..2ddf4667 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
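Review bot: With `on: pull_request` and every `if:` guard commented out in the new `deploy-production-new.yml`, `build-docker` and `deploy` run for any PR branch in this repository and hand `secrets.GCP_SA_KEY` to unreviewed code, which then pushes to Artifact Registry and creates an App Engine version; the guards and the `push` trigger only return in patch 14. For a trial run, `on: workflow_dispatch` or a throwaway project and key would keep production credentials out of PR builds. Two things carry into the final `deploy-production.yml`: there is no top-level `permissions:` block (propose `permissions:` with `contents: read`), and in `lint-and-test` the key is exported as default credentials by `setup-gcloud@v0` immediately before `make install` and `make test`, so dependency and test code run with the deploy identity. If the tests do not need GCP access that step can be dropped; if they do, a separate low-privilege key would limit the exposure.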
@@ -1,12 +1,12 @@ name: 'Deployment step 2: Deploy to Production' on: - # push: - # branches: - # - main pull_request: branches: - main + # push: + # branches: + # - main env: ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true From 679fb0bae1c341e3bb7c446f1309095a0ea42ea1 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 20:57:28 -0230 Subject: [PATCH 03/14] fix: Change name --- .github/workflows/deploy-production-new.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 2ddf4667..f529fa5e 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml @@ -1,4 +1,4 @@ -name: 'Deployment step 2: Deploy to Production' +name: 'Deployment step 2: Deploy to Production test' on: pull_request: From 2185aedc95e69607e1561487e87b56e8836afcbe Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 20:58:11 -0230 Subject: [PATCH 04/14] fix: indentation --- .github/workflows/deploy-production-new.yml | 88 ++++++++++----------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index f529fa5e..3cf586a4 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
@@ -119,47 +119,47 @@ jobs: GENERATED_TAGS: ${{ steps.meta.outputs.tags }} run: .github/scripts/verify-image-push.sh -# Deploy to App Engine using pre-built Docker image from Google Artifact Registry -deploy: - name: Deploy to App Engine - runs-on: ubuntu-latest - # if: | - # (github.repository == 'PolicyEngine/policyengine-household-api') - # && (github.event.head_commit.message == 'Update PolicyEngine Household API') - # needs: [lint-and-test, build-docker] - needs: [build-docker] - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - - name: Deploy to App Engine - uses: google-github-actions/deploy-appengine@v2 - with: - deliverables: "./gcp/policyengine_household_api/app.yaml" - image_url: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} - version: ${{ env.IMAGE_VERSION }} - promote: false # Equivalent to --no-promote - flags: "--quiet" - env_vars: | - AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} - AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} - USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} - USER_ANALYTICS_DB_PASSWORD=${{ secrets.USER_ANALYTICS_DB_PASSWORD }} - USER_ANALYTICS_DB_CONNECTION_NAME=${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} - ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} - - # - name: Set traffic to new version - # env: - # SERVICE_NAME: ${{ env.SERVICE_NAME }} - # VERSION: ${{ env.IMAGE_VERSION }} - # run: .github/scripts/set-traffic.sh - - - name: Verify deployment - env: - SERVICE_NAME: ${{ env.SERVICE_NAME }} - run: .github/scripts/verify-deployment.sh \ No newline at end of file + # Deploy to App Engine using pre-built Docker image from Google Artifact Registry + deploy: + name: Deploy to App Engine + runs-on: ubuntu-latest + # if: | + # (github.repository == 'PolicyEngine/policyengine-household-api') + # && 
(github.event.head_commit.message == 'Update PolicyEngine Household API') + # needs: [lint-and-test, build-docker] + needs: [build-docker] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Deploy to App Engine + uses: google-github-actions/deploy-appengine@v2 + with: + deliverables: "./gcp/policyengine_household_api/app.yaml" + image_url: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} + version: ${{ env.IMAGE_VERSION }} + promote: false # Equivalent to --no-promote + flags: "--quiet" + env_vars: | + AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} + AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} + USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} + USER_ANALYTICS_DB_PASSWORD=${{ secrets.USER_ANALYTICS_DB_PASSWORD }} + USER_ANALYTICS_DB_CONNECTION_NAME=${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} + ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} + + # - name: Set traffic to new version + # env: + # SERVICE_NAME: ${{ env.SERVICE_NAME }} + # VERSION: ${{ env.IMAGE_VERSION }} + # run: .github/scripts/set-traffic.sh + + - name: Verify deployment + env: + SERVICE_NAME: ${{ env.SERVICE_NAME }} + run: .github/scripts/verify-deployment.sh \ No newline at end of file From 03c98a03e79341c9221ace1bf3d5fcd07551141c Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:18:41 -0230 Subject: [PATCH 05/14] fix: Alter YAML syntax around env vars --- .github/workflows/deploy-production-new.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 3cf586a4..7fe85997 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
@@ -127,16 +127,16 @@ jobs: # (github.repository == 'PolicyEngine/policyengine-household-api') # && (github.event.head_commit.message == 'Update PolicyEngine Household API') # needs: [lint-and-test, build-docker] - needs: [build-docker] + # needs: [build-docker] steps: - name: Checkout code uses: actions/checkout@v4 - + - name: Authenticate to Google Cloud uses: google-github-actions/auth@v2 with: credentials_json: ${{ secrets.GCP_SA_KEY }} - + - name: Deploy to App Engine uses: google-github-actions/deploy-appengine@v2 with: @@ -145,20 +145,20 @@ jobs: version: ${{ env.IMAGE_VERSION }} promote: false # Equivalent to --no-promote flags: "--quiet" - env_vars: | + env_vars: |- AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} USER_ANALYTICS_DB_PASSWORD=${{ secrets.USER_ANALYTICS_DB_PASSWORD }} USER_ANALYTICS_DB_CONNECTION_NAME=${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} - + # - name: Set traffic to new version # env: # SERVICE_NAME: ${{ env.SERVICE_NAME }} # VERSION: ${{ env.IMAGE_VERSION }} # run: .github/scripts/set-traffic.sh - + - name: Verify deployment env: SERVICE_NAME: ${{ env.SERVICE_NAME }} From 0efc5962fb4df4782992e8821bf5f5dc876dfdd3 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:22:33 -0230 Subject: [PATCH 06/14] test: Also try setting via build env vars --- .github/workflows/deploy-production-new.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 7fe85997..ae8c467e 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
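Review bot: Commenting out `needs: [build-docker]` in the `@@ -127,16 +127,16 @@` hunk leaves the `deploy` job with no dependency, so it starts in parallel with `build-docker` and deploys whatever `${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}` already points to rather than the image built from this commit. The change is also unrelated to the commit subject, which only describes the `|` to `|-` edit on `env_vars`; keep `needs: [build-docker]` active. The `deploy` job starts and ends outside this hunk.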
@@ -145,7 +145,7 @@ jobs: version: ${{ env.IMAGE_VERSION }} promote: false # Equivalent to --no-promote flags: "--quiet" - env_vars: |- + build_env_vars: |- AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} From 7bd2b46511396dbee593ebbe574605dbe8935a96 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:22:44 -0230 Subject: [PATCH 07/14] chore: Name image version differently --- .github/workflows/deploy-production-new.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index ae8c467e..9b9fde34 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml @@ -15,7 +15,7 @@ env: SERVICE_NAME: policyengine-household-api IMAGE_NAME: us-central1-docker.pkg.dev/policyengine-household-api/policyengine-household-api/policyengine-household-api PYTHON_VERSION: '3.12' - IMAGE_VERSION: python312-latest # Cannot use . in Artifact Registry versions + IMAGE_VERSION: python312-latest-test1 # Cannot use . in Artifact Registry versions jobs: lint-and-test: From 584416cdac64e88f86cc547f6fc41b9e0297df45 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:34:55 -0230 Subject: [PATCH 08/14] fix: Re-enable itemization --- policyengine_household_api/country.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/policyengine_household_api/country.py b/policyengine_household_api/country.py index ccf43866..062ad7d3 100644 --- a/policyengine_household_api/country.py +++ b/policyengine_household_api/country.py 
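Review bot: Renaming the block to `build_env_vars` in the `@@ -145,7 +145,7 @@` hunk routes `USER_ANALYTICS_DB_PASSWORD`, `ANTHROPIC_API_KEY` and the other secrets into the build environment instead of the runtime one. Build-time variables are typically stored with the build and readable by anyone who can view it, and because this step deploys a pre-built `image_url` the application would presumably not receive them at runtime at all. Secrets should stay out of `build_env_vars`; patch 12 of this series goes back to `env_vars`.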
@@ -335,10 +335,6 @@ def calculate( situation=household, ) - simulation.tax_benefit_system.parameters.gov.simulation.branch_to_determine_itemization.update( - start=2020, value=False - ) - household = json.loads(json.dumps(household)) # Run tracer on household From aba3f83babedd0bf9876e11a6790db54a92c9ae7 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:35:51 -0230 Subject: [PATCH 09/14] fix: Remove check to confirm deployment (deploy action already confirms) --- .github/workflows/deploy-production-new.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 9b9fde34..5c830a01 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml @@ -158,8 +158,3 @@ jobs: # SERVICE_NAME: ${{ env.SERVICE_NAME }} # VERSION: ${{ env.IMAGE_VERSION }} # run: .github/scripts/set-traffic.sh - - - name: Verify deployment - env: - SERVICE_NAME: ${{ env.SERVICE_NAME }} - run: .github/scripts/verify-deployment.sh \ No newline at end of file From f906432ef437779a6ecd35cf363f52ce50844563 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:37:03 -0230 Subject: [PATCH 10/14] fix: Correct image version name --- .github/workflows/deploy-production-new.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 5c830a01..70777445 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
@@ -15,7 +15,7 @@ env: SERVICE_NAME: policyengine-household-api IMAGE_NAME: us-central1-docker.pkg.dev/policyengine-household-api/policyengine-household-api/policyengine-household-api PYTHON_VERSION: '3.12' - IMAGE_VERSION: python312-latest-test1 # Cannot use . in Artifact Registry versions + IMAGE_VERSION: python312-latest # Cannot use . in Artifact Registry versions jobs: lint-and-test: From 6a71b46ea19367ad3ee61baf05884d1618a55105 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:40:17 -0230 Subject: [PATCH 11/14] fix: Correct version name, image address --- .github/workflows/deploy-production-new.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 70777445..1a91e3e6 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml @@ -142,8 +142,8 @@ jobs: with: deliverables: "./gcp/policyengine_household_api/app.yaml" image_url: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} - version: ${{ env.IMAGE_VERSION }} - promote: false # Equivalent to --no-promote + version: ${{ env.IMAGE_VERSION }}-${{ format('YYYYMMDD-HHmmss', github.event.head_commit.timestamp) }} + promote: false # Don't move traffic over until full successful deploy flags: "--quiet" build_env_vars: |- AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} From b1acd3c6c527a19fd71a43ae653a46e8c6b9b8af Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:41:05 -0230 Subject: [PATCH 12/14] fix: Use env_vars, not build_env_vars --- .github/workflows/deploy-production-new.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 1a91e3e6..31df6299 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml 
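Review bot: `format('YYYYMMDD-HHmmss', github.event.head_commit.timestamp)` on the new `version:` line of the `@@ -142,8 +142,8 @@` hunk will not produce a timestamp, because the expression function `format` only substitutes `{0}`-style placeholders and this string has none, so it returns the literal `YYYYMMDD-HHmmss` and ignores the argument. `github.event.head_commit` is also not populated for the `pull_request` event that triggers the workflow at this point in the series. Every run would therefore request the same version id, `python312-latest-YYYYMMDD-HHmmss`. If a unique id per run is the goal, `version: ${{ env.IMAGE_VERSION }}-${{ github.run_id }}` avoids date formatting altogether.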
@@ -145,7 +145,7 @@ jobs: version: ${{ env.IMAGE_VERSION }}-${{ format('YYYYMMDD-HHmmss', github.event.head_commit.timestamp) }} promote: false # Don't move traffic over until full successful deploy flags: "--quiet" - build_env_vars: |- + env_vars: |- AUTH0_ADDRESS_NO_DOMAIN=${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} AUTH0_AUDIENCE_NO_DOMAIN=${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} USER_ANALYTICS_DB_USERNAME=${{ secrets.USER_ANALYTICS_DB_USERNAME }} From 52348820fde633ede5594b849156f8e27c6276ae Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 21:42:44 -0230 Subject: [PATCH 13/14] fix: Remove version naming and revert to defaults --- .github/workflows/deploy-production-new.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production-new.yml index 31df6299..4c68c626 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production-new.yml @@ -142,7 +142,6 @@ jobs: with: deliverables: "./gcp/policyengine_household_api/app.yaml" image_url: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }} - version: ${{ env.IMAGE_VERSION }}-${{ format('YYYYMMDD-HHmmss', github.event.head_commit.timestamp) }} promote: false # Don't move traffic over until full successful deploy flags: "--quiet" env_vars: |- From 10ef70a15241eade7475378286a3768a86849d84 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Tue, 12 Aug 2025 22:02:10 -0230 Subject: [PATCH 14/14] fix: Get scripts in prod state --- .github/scripts/deploy-app-engine.sh | 47 ----- .github/workflows/deploy-production.old | 166 ------------------ ...oduction-new.yml => deploy-production.yml} | 43 +++-- changelog_entry.yaml | 5 + 4 files changed, 25 insertions(+), 236 deletions(-) delete mode 100755 .github/scripts/deploy-app-engine.sh delete mode 100644 .github/workflows/deploy-production.old rename .github/workflows/{deploy-production-new.yml => deploy-production.yml} (83%) 
diff --git a/.github/scripts/deploy-app-engine.sh b/.github/scripts/deploy-app-engine.sh deleted file mode 100755 index f3733dec..00000000 --- a/.github/scripts/deploy-app-engine.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -# Deploy to Google Cloud App Engine using pre-built Docker image -set -e - -# Get required environment variables -IMAGE_NAME="${IMAGE_NAME}" -IMAGE_TAG="${IMAGE_TAG}" -SERVICE_ACCOUNT="${SERVICE_ACCOUNT}" -APP_YAML_PATH="${APP_YAML_PATH}" - -if [ -z "$IMAGE_NAME" ] || [ -z "$IMAGE_TAG" ] || [ -z "$SERVICE_ACCOUNT" ] || [ -z "$APP_YAML_PATH" ]; then - echo "Error: Required environment variables not set" - echo "IMAGE_NAME: $IMAGE_NAME" - echo "IMAGE_TAG: $IMAGE_TAG" - echo "SERVICE_ACCOUNT: $SERVICE_ACCOUNT" - echo "APP_YAML_PATH: $APP_YAML_PATH" - exit 1 -fi - -echo "Deploying pre-built Docker image from Google Artifact Registry to App Engine..." -echo "Image: $IMAGE_NAME:$IMAGE_TAG" -echo "Version: $IMAGE_TAG" -echo "Service Account: $SERVICE_ACCOUNT" -echo "App YAML: $APP_YAML_PATH" - -# Check that Auth0 environment variables are set -if [ -z "$AUTH0_ADDRESS_NO_DOMAIN" ] || [ -z "$AUTH0_AUDIENCE_NO_DOMAIN" ]; then - echo "Error: Auth0 environment variables not set" - exit 1 -fi - -echo "Substituting environment variables in app.yaml..." -TEMP_APP_YAML=$(mktemp) -envsubst < "$APP_YAML_PATH" > "$TEMP_APP_YAML" - -# Deploy to App Engine using the substituted app.yaml -gcloud app deploy "$TEMP_APP_YAML" \ - --image-url="$IMAGE_NAME:$IMAGE_TAG" \ - --version="$IMAGE_TAG" \ - --service-account="$SERVICE_ACCOUNT" \ - --quiet - -# Clean up -rm "$TEMP_APP_YAML" - -echo "App Engine deployment completed successfully" \ No newline at end of file diff --git a/.github/workflows/deploy-production.old b/.github/workflows/deploy-production.old deleted file mode 100644 index d83ff77a..00000000 --- a/.github/workflows/deploy-production.old +++ /dev/null 
@@ -1,166 +0,0 @@ -name: 'Deployment step 2: Deploy to Production' - -on: - push: - branches: - - main - -env: - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - PROJECT_ID: policyengine-household-api - REGION: us-central1 - SERVICE_NAME: policyengine-household-api - IMAGE_NAME: us-central1-docker.pkg.dev/policyengine-household-api/policyengine-household-api/policyengine-household-api - PYTHON_VERSION: '3.12' - IMAGE_VERSION: python312-latest # Cannot use . in Artifact Registry versions - -jobs: - lint-and-test: - name: Lint and test - runs-on: ubuntu-latest - if: | - (github.repository == 'PolicyEngine/policyengine-household-api') - && (github.event.head_commit.message == 'Update PolicyEngine Household API') - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 - with: - project_id: policyengine-household-api - service_account_key: ${{ secrets.GCP_SA_KEY }} - export_default_credentials: true - - - name: Install dependencies - run: make install - - - name: Run linter - run: make format - - - name: Run tests - run: make test - env: - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - AUTH0_ADDRESS_NO_DOMAIN: ${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} - AUTH0_AUDIENCE_NO_DOMAIN: ${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} - AUTH0_TEST_TOKEN_NO_DOMAIN: ${{ secrets.AUTH0_TEST_TOKEN_NO_DOMAIN }} - USER_ANALYTICS_DB_USERNAME: ${{ secrets.USER_ANALYTICS_DB_USERNAME }} - USER_ANALYTICS_DB_PASSWORD: ${{ secrets.USER_ANALYTICS_DB_PASSWORD }} - USER_ANALYTICS_DB_CONNECTION_NAME: ${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} - - build-docker: - name: Build Docker image - runs-on: ubuntu-latest - if: | - (github.repository == 'PolicyEngine/policyengine-household-api') - && (github.event.head_commit.message == 'Update PolicyEngine Household API') - needs: [lint-and-test] - steps: - - name: 
Checkout code - uses: actions/checkout@v4 - - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 - with: - project_id: ${{ env.PROJECT_ID }} - service_account_key: ${{ secrets.GCP_SA_KEY }} - export_default_credentials: true - - - name: Log in to Google Artifact Registry - uses: docker/login-action@v2 - with: - registry: us-central1-docker.pkg.dev - username: _json_key - password: ${{ secrets.GCP_SA_KEY }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.IMAGE_NAME }} - tags: | - type=sha,prefix=,suffix= - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=${{ env.IMAGE_VERSION }},enable={{is_default_branch}} - - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . 
- file: ./gcp/policyengine_household_api/Dockerfile.production - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Make script executable - run: chmod +x .github/scripts/verify-image-push.sh - - - name: Verify image was pushed - env: - GENERATED_TAGS: ${{ steps.meta.outputs.tags }} - run: .github/scripts/verify-image-push.sh - - # Deploy to App Engine using pre-built Docker image from Google Artifact Registry - deploy: - name: Deploy to App Engine - runs-on: ubuntu-latest - if: | - (github.repository == 'PolicyEngine/policyengine-household-api') - && (github.event.head_commit.message == 'Update PolicyEngine Household API') - needs: [lint-and-test, build-docker] - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - - name: Log in to Google Artifact Registry for image verification - uses: docker/login-action@v2 - with: - registry: us-central1-docker.pkg.dev - username: _json_key - password: ${{ secrets.GCP_SA_KEY }} - - - name: Deploy to App Engine - env: - IMAGE_NAME: ${{ env.IMAGE_NAME }} - IMAGE_TAG: ${{ env.IMAGE_VERSION }} - SERVICE_ACCOUNT: github-deployment@policyengine-household-api.iam.gserviceaccount.com - APP_YAML_PATH: ./gcp/policyengine_household_api/app.yaml - AUTH0_ADDRESS_NO_DOMAIN: ${{ secrets.AUTH0_ADDRESS_NO_DOMAIN }} - AUTH0_AUDIENCE_NO_DOMAIN: ${{ secrets.AUTH0_AUDIENCE_NO_DOMAIN }} - USER_ANALYTICS_DB_USERNAME: ${{ secrets.USER_ANALYTICS_DB_USERNAME }} - USER_ANALYTICS_DB_PASSWORD: ${{ secrets.USER_ANALYTICS_DB_PASSWORD }} - USER_ANALYTICS_DB_CONNECTION_NAME: ${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - run: .github/scripts/deploy-app-engine.sh - - - name: Set traffic to new version - env: - SERVICE_NAME: ${{ env.SERVICE_NAME }} - VERSION: 
${{ env.IMAGE_VERSION }} - run: .github/scripts/set-traffic.sh - - - name: Verify deployment - env: - SERVICE_NAME: ${{ env.SERVICE_NAME }} - run: .github/scripts/verify-deployment.sh diff --git a/.github/workflows/deploy-production-new.yml b/.github/workflows/deploy-production.yml similarity index 83% rename from .github/workflows/deploy-production-new.yml rename to .github/workflows/deploy-production.yml index 4c68c626..a2f7c1c5 100644 --- a/.github/workflows/deploy-production-new.yml +++ b/.github/workflows/deploy-production.yml @@ -1,18 +1,15 @@ name: 'Deployment step 2: Deploy to Production test' on: - pull_request: + push: branches: - main - # push: - # branches: - # - main env: ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true PROJECT_ID: policyengine-household-api REGION: us-central1 - SERVICE_NAME: policyengine-household-api + SERVICE_NAME: default IMAGE_NAME: us-central1-docker.pkg.dev/policyengine-household-api/policyengine-household-api/policyengine-household-api PYTHON_VERSION: '3.12' IMAGE_VERSION: python312-latest # Cannot use . in Artifact Registry versions @@ -21,9 +18,9 @@ jobs: lint-and-test: name: Lint and test runs-on: ubuntu-latest - # if: | - # (github.repository == 'PolicyEngine/policyengine-household-api') - # && (github.event.head_commit.message == 'Update PolicyEngine Household API') + if: | + (github.repository == 'PolicyEngine/policyengine-household-api') + && (github.event.head_commit.message == 'Update PolicyEngine Household API') steps: - name: Checkout code uses: actions/checkout@v4 
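Review bot: The restored `if:` on `lint-and-test` (repeated on `build-docker` and `deploy` in the following hunks) gates a production deploy on `github.event.head_commit.message == 'Update PolicyEngine Household API'`, which is a string any pusher can type, not an authorization check. It works as a filter for the automated version-bump commit, but control over who can deploy then rests entirely on branch protection for `main`. Adding `environment: production` to the `deploy` job would let required reviewers and environment-scoped secrets enforce that separately. The workflow `name:` in the first hunk of this file also still ends in `test`.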
@@ -60,10 +57,10 @@ jobs: build-docker: name: Build Docker image runs-on: ubuntu-latest - # if: | - # (github.repository == 'PolicyEngine/policyengine-household-api') - # && (github.event.head_commit.message == 'Update PolicyEngine Household API') - # needs: [lint-and-test] + if: | + (github.repository == 'PolicyEngine/policyengine-household-api') + && (github.event.head_commit.message == 'Update PolicyEngine Household API') + needs: [lint-and-test] steps: - name: Checkout code uses: actions/checkout@v4 @@ -123,11 +120,10 @@ jobs: deploy: name: Deploy to App Engine runs-on: ubuntu-latest - # if: | - # (github.repository == 'PolicyEngine/policyengine-household-api') - # && (github.event.head_commit.message == 'Update PolicyEngine Household API') - # needs: [lint-and-test, build-docker] - # needs: [build-docker] + if: | + (github.repository == 'PolicyEngine/policyengine-household-api') + && (github.event.head_commit.message == 'Update PolicyEngine Household API') + needs: [lint-and-test, build-docker] steps: - name: Checkout code uses: actions/checkout@v4 @@ -137,7 +133,8 @@ jobs: with: credentials_json: ${{ secrets.GCP_SA_KEY }} - - name: Deploy to App Engine + - id: deploy + name: Deploy to App Engine uses: google-github-actions/deploy-appengine@v2 with: deliverables: "./gcp/policyengine_household_api/app.yaml" @@ -152,8 +149,8 @@ jobs: USER_ANALYTICS_DB_CONNECTION_NAME=${{ secrets.USER_ANALYTICS_DB_CONNECTION_NAME }} ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} - # - name: Set traffic to new version - # env: - # SERVICE_NAME: ${{ env.SERVICE_NAME }} - # VERSION: ${{ env.IMAGE_VERSION }} - # run: .github/scripts/set-traffic.sh + - name: Set traffic to new version + env: + SERVICE_NAME: ${{ env.SERVICE_NAME }} + VERSION: ${{ steps.deploy.outputs.version }} + run: .github/scripts/set-traffic.sh diff --git a/changelog_entry.yaml b/changelog_entry.yaml index e69de29b..d215e4b5 100644 --- a/changelog_entry.yaml +++ b/changelog_entry.yaml 
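Review bot: The `Deploy to App Engine` step that now replaces `deploy-app-engine.sh` (hunk `@@ -137,7 +133,8 @@`) no longer sets the runtime service account: the deleted script passed `--service-account="$SERVICE_ACCOUNT"` with `github-deployment@policyengine-household-api.iam.gserviceaccount.com`, while the action call shown in the earlier patches carries only `flags: "--quiet"`. Unless `app.yaml` sets it (only part of that file is visible here), new versions would presumably run as the App Engine default service account, which is often more broadly privileged. If the old identity is still intended, `flags: "--quiet --service-account=github-deployment@policyengine-household-api.iam.gserviceaccount.com"` keeps it. The step's `with:` block continues outside this hunk.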
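Review bot: `VERSION: ${{ steps.deploy.outputs.version }}` in the re-enabled `Set traffic to new version` step (hunk `@@ -152,8 +149,8 @@`) likely expands to an empty string. As far as I know `google-github-actions/deploy-appengine@v2` publishes the deployed version as the `version_id` output, and GitHub Actions substitutes an empty string for an unknown output without failing the step; confirm this against the action's documented outputs. Because `promote: false` leaves the traffic switch entirely to `set-traffic.sh`, which is not visible here, an empty `VERSION` would either fail the job or leave production on the old version. Suggested line: `VERSION: ${{ steps.deploy.outputs.version_id }}`.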
@@ -0,0 +1,5 @@
+- bump: patch
+ changes:
+ changed:
+ - Replaced custom GCP deploy script with official Google action.
+ - Re-enabled itemized deductions to prevent UK service outage.
\ No newline at end of file